Backup and Security: Besties Forever
An integration pact between Veeam and Sophos, and new integration tech from Acronis, suggest that stand-alone BDR and security software could soon be obsolete.
The notion that backup and security are closely related elements of a complete cyber protection strategy isn’t a new one. Indeed, next month will mark 15 years since Barracuda first added backup to a product lineup previously focused on email and web security.
It took the explosive proliferation of ransomware in the 2010s, however, to begin persuading people that merely having backup and security solutions might not be good enough. When (not if) even thoroughly layered defenses failed to keep ransomware out, experts increasingly agreed, businesses would need tightly integrated backup and security solutions to keep up with the swift, brutal consequences.
By 2019, vendors were placing big, expensive bets on that proposition. Carbonite (now part of OpenText) paid north of $600 million that February, for example, to buy security vendor Webroot, and Acronis rolled out an integrated BDR/security suite that October. By 2021, moreover, 26% of MSPs had integrated their BDR and security tools, 47% were actively in the process of linking them, and another 25% planned to start integration efforts in the future, per research by Acronis.
This Tuesday, however, felt like a significant turning point in the steady ascent of automated, coordinated backup and security solutions. That was the day one of the biggest names in data protection (Veeam, with over 450,000 customers) and one of the biggest names in security (Sophos, with over 500,000 customers) announced an integration pact aimed at helping joint partners detect and respond to ransomware and other threats more effectively.
More specifically, Veeam backup solutions can now help end users spot attacks sooner by feeding real-time telemetry to Sophos’s MDR service. “We gain more context,” explains Marty Ward (pictured), the security vendor’s vice president of product marketing. On its own, he notes, something like an unidentified user trying to access a network via RDP may or may not be a problem.
“It could be an adversary. It could be a regular IT person,” Ward says. “But if we see somebody doing that in conjunction with somebody attempting to disable a backup or tamper with the backups, those two weak signals become strong signals.” At which point Sophos analysts can either remediate the threat or tell the victim’s MSP how to do it themselves. If appropriate, they can instruct Veeam’s software to take a fresh snapshot of an imperiled infrastructure too.
“This is now bi-directional communication,” says Danny Allan, Veeam’s CTO. And it’s increasingly must-have versus nice-to-have functionality for companies like Veeam, he adds.
“A data protection vendor that is not partnering with experts in security has an inadequate strategy,” Allan says. Veeam solutions have had built-in security capabilities for years, he notes, but that’s no substitute for allying with “security partners out there like Sophos that have been in the business for decades and have a deep expertise with a long maturity in the space.”
Which raises the question of what lies ahead for backup vendors that don’t have a strategic integration partner, or security vendors without integrated data protection for that matter. Such companies were already facing tough competition from big, deep-pocketed rivals like ConnectWise, Kaseya, and N-able, all of which have backup and security solutions in their integrated suites, not to mention backup/security vendors like Acronis, Barracuda, and OpenText. How long before ransomware renders stand-alone anything in the realm of cyber protection obsolete?
There was new software from Veeam this week too
Per Allan above, the Veeam Data Platform has had security functionality for a long time, and it gained some more this week with the release of Veeam’s 23H2 update, which includes version 12.1 of Veeam Backup & Replication. There are lots of examples, but here are four worth quickly calling out:
Inline ransomware detection. Inspecting backups for malware after they’re stored has been possible in Veeam’s platform since 2019. Users can now do it in real time during the backup process itself, however. Better yet, they don’t have to inspect an entire backup every time they scan for threats. “The inline capability is incremental,” Allan notes. “It looks at what has changed since the last time we’ve inspected the environment.”
Automated clean restores. Point-in-time recovery isn’t new to Veeam, but in the past users had to find the most recent pre-infection backup themselves and restore it manually. Built-in AI now enables Veeam to do all that for you. “You can literally just check a box and say, ‘find the last clean restore point,’” Allan explains.
“Four eyes” backup protection. The is not about protecting backups from people who wear glasses. In cybersecurity, employing the so-called “four eyes” principle means requiring two separate people to approve especially risky activities. Veeam users can now apply that safeguard to deleting backups. “We’ve implemented controls so that it requires multiple people to agree to take that action because it’s so sensitive,” Allan says.
The Veeam Threat Center. This is a new console designed to highlight threats, identify risks, and assign environments a security score based on how safe they are and where they can improve.
Acronis invests in integration too
Veeam’s alliance with Sophos isn’t the only recent sign of how critical integrations have become for BDR and security vendors. In fact, it’s not even the only sign this month. Just last week, Acronis—which presumably has lots of other potential uses for R&D dollars—announced that it used some of its dev budget to create a new low-code integration technology called the CyberApp Standard.
Unlike what Veeam and Sophos are up to, the goal in this case isn’t connecting data protection with cybersecurity so much as linking the Acronis Cyber Protect Cloud platform to almost anything MSPs use regularly.
“In our market, people now make decisions on vendors based on how well they can be integrated into their stack,” says Peter Makarov (pictured), director of the company’s technology partner program and ecosystem. “You can have a great product, but if you can’t integrate that and automate things it’s not going to work.”
They have evidence at Acronis too: fully 90% of IT providers who sign up for a free trial of Acronis software become paying customers if they can integrate the system with their other core systems. Only half of people who can’t integrate the software, by contrast, eventually buy it.
“The more integrated we are with their stack, the more successful we will be,” Makarov observes.
This isn’t a recent insight at Acronis. The company has been exchanging data with ISVs for some seven years via API. Now, however, it wants to boost technician productivity by embedding third-party functionality directly within its own interfaces.
“It’s not us trying to integrate with people. It’s us inviting people to come into our UI,” Makarov says. “An API is not necessarily enough for that.”
The CyberApp Standard is designed to fill that need without requiring partners to invest serious time or money. According to Makarov, in fact, vendors typically need about two weeks to complete an integration using the new tool.
“It will give really quick results for not that big of an effort from the ISV side,” he says.
Acronis hopes that value proposition inspires vendors in 16 initial solution categories to create UI tie-ins. “Think RMM, PSA, password management, device management, [and] SaaS management,” Makarov says. “These are the tools that a typical MSP would use.”
Early adopters include Last Pass, Pax8, Sendmarc, and Stellar Cyber. About 300 more vendors are on the list of further potential users.
“Acronis wants to be an ecosystem of its own,” Makarov says. “This standard will help us be that.”
Also worth noting
HP has folded all of its solutions and services (including Poly, Teradici, and HyperX) into its Amplify partner program, and invited distributors in too. Working to get some time with Kobi Elbaz (global channel chief) soon to discuss this further for a future post.
Cisco has an AI vision for Webex, and it spans beyond the usual GenAI stuff.
For my readers in the Great White North: Cork, the cyber warranty provider you’ve read about here a few times, is coming your way.
Just as we told you to expect weeks ago, Bitdefender now does pen testing.
WatchGuard, for its part, now does MDR. Hoping to discuss this story with someone over there for a future post too.
Looks like the dev team at GoTo has been busy lately based on the nearly 60 updates the company announced this week.
Judy Security, a relative newcomer to the channel with a surprisingly expansive set of products, has a new control panel for it all. I’m keeping an eye on these folks. Hit me up if you have experience with them.